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The Internet put the rest of the world at the reach of our computers. In the same way it 
also made our computers reachable by the rest of the world. Good news and bad news!. 
Over the last decade, the Internet has been subject to widespread security attacks. 
Besides the classical terms, new ones had to be found in order to designate a large 
collection of threats: Worms, break-ins, hackers, crackers, hijacking, phrackers, spoofing, 
man-in-the-middle, password-sniffing, denial-of-service, an ... 

Keywords: Client-Server, Covert Channel, DNS, Denial of Service, Ethernet, Hijacking, 
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The contractor uses the client, the network, and the server to give a service to the 
customer. We put it this way to emphasise that the denial of service against which we 
seek to protect is the denial of service to the customer, not to the client. The attack may 
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indeed consist of disabling or destroying the client, just as it may consist of interfering 
with the network or with the server. This paper does not consider issues of responsibility, 
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This paper describes a technique for tracing anonymous packet flooding attacks in the 
Internet back towards their source. This work is motivated by the increased frequency 
and sophistication of denial-of-service attacks and by the difficulty in tracing packets with 
incorrect, or * 'spoofed", source addresses. In this paper we describe a general purpose 
traceback mechanism based on probabilistic packet marking in the network. Our approach 
allows a victim to identify the network path(s) trave ... 
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We present Keyed HIP (KHIP), a secure, hierarchical multicast routing protocol. We show 
that other shared-tree multicast routing protocols are subject to attacks against the 
multicast routing infrastructure that can isolate receivers or domains or introduce loops 
into the structure of the multicast routing tree, KHIP changes the multicast routing model 
so that only trusted members are able to join the multicast tree. This protects the 
multicast routing against attacks that could form branches to ... 
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Publisher: Digital Government Research Center 

Full text available: [ g] pdf(539.99 KB ) Additional Information: full citation , abstract 

As. use of the Internet in commerce, education and personal communication has become 
common, the question of Internet voting in local and national elections naturally arises. In 
addition to adding convenience and precision, some believe that Internet voting may 
reverse the historical and downward trend of voter turnout in the United States. For these 
reasons President Clinton issued a memorandum in December 1999 requesting that the 
National Science Foundation examine the feasibility of online (In ... 
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Several 3-party-based authentication protocols have been proposed, which are resistant 
to off-line password guessing attacks. We show that they are not resistant to a new type 
of attack called "undetectable on-line password guessing attack". The authentication 
server is not able to notice this kind of attack from the clients' (attacker's) requests, 
because they don't include enough information about the clients (or attacker). Either 
freshness or authenticity of these requests is not guaranteed. ... 
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The TCP/IP protocol suite, which is very widely used today, was developed under the 
sponsorship of the Department of Defense. Despite that, there are a number of serious 
security flaws inherent in the protocols, regardless of the correctness of any 
implementations. We describe a variety of attacks based on these flaws, including 
sequence number spoofing, routing attacks, source address spoofing, and authentication 
attacks. We also present defenses against these attacks, and conclude with a discu ... 
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In this paper we present a new approach for network intrusion detection based on concise 
specifications that characterize normal and abnormal network packet sequences. Our 
specification language is geared for a robust network intrusion detection by enforcing a 
strict type discipline via a combination of static and dynamic type checking. Unlike most 
previous approaches in network intrusion detection, our approach can easily support new 
network protocols as information relating to the protoco ... 
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The Internet put the rest of the world at the reach of our computers. In the same way it 
also made our computers reachable by the rest of the world. Good news and bad news! 
Over the last decade, the Internet has been subject to widespread security attacks. 
Besides the classical terms, new ones had to be found in order to designate a large 
collection of threats: Worms, break-ins, hackers, crackers, hijacking, phrackers, spoofing, 
man-in-the-middle, password-sniffing, denial-of-service, and ... 
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In 1998 and again in 1999, the Lincoln Laboratory of MIT conducted a comparative 
evaluation of intrusion detection systems (IDSs) developed under DARPA funding. While 
this evaluation represents a significant and monumental undertaking, there are a number 
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of issues associated with its design and execution that remain unsettled. Some 
methodologies used in the evaluation are questionable and may have biased its results. 
One problem is that the evaluators have published relatively little concer ... 

Keywords: computer security, intrusion detection, receiver operating curves (ROC), 
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We present the design and implementation of an end-to-end architecture for Internet host 
mobility using dynamic updates to the Domain Name System (DNS) to track host location. 
Existing TCP connections are retained using secure and efficient connection migration, 
enabling established connections to seamlessly negotiate a change in endpoint IP 
addresses without the need for a third party. Our architecture is secure— name updates 
are effected via the secure DNS update protocol, while TCP ... 
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As the recent denial-of-service attacks on several major Internet sites have shown us, no 
open computer network is immune from intrusions. The wireless ad-hoc network is 
particularly vulnerable due to its features of open medium, dynamic changing topology, 
cooperative algorithms, lack of centralized monitoring and management point, and lack of 
a clear line of defense. Many of the intrusion detection techniques developed on a fixed 
wired network are not applicable in this new environment. Ho ... 
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